
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN590
_____________________________________________________________________

DATE                : 21/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running Adobe Illustrator versions prior to
                     24.2.

=====================================================================
https://helpx.adobe.com/security/products/illustrator/apsb20-53.html
_____________________________________________________________________

Security Updates Available for Adobe Illustrator | APSB20-53
Bulletin ID     Date Published        Priority
APSB20-53       October 20, 2020      3


Summary

Adobe has released updates for Adobe Illustrator 2020 for Windows.  This
update resolves critical vulnerabilities that could lead to arbitrary
code execution in the context of the current user.


Affected Versions

Product             Version                     Platform
Illustrator 2020    24.2 and earlier versions   Windows


Solution

Adobe categorizes these updates with the following priority ratings
and recommends users update their installation to the newest version via
the Creative Cloud desktop app's update mechanism.  For more
information, please reference this help page.


Product             Version   Platform            Priority   Availability
Illustrator 2020    25.0      Windows and macOS   3          Download Page


Vulnerability details

Vulnerability Category   Vulnerability Impact       Severity   CVE Numbers
Out-of-Bounds Read       Arbitrary code execution   Critical   CVE-2020-24409
                                                               CVE-2020-24410
Out-of-Bounds Write      Arbitrary code execution   Critical   CVE-2020-24411
Memory Corruption        Arbitrary code execution   Critical   CVE-2020-24412
                                                               CVE-2020-24413
                                                               CVE-2020-24414
                                                               CVE-2020-24415

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

    Tran Van Khang - khangkito of VinCSS (Member of Vingroup) working
    with Trend Micro Zero Day Initiative (CVE-2020-24409, CVE-2020-24410,
    CVE-2020-24411)

    Honggang Ren of Fortinet's FortiGuard Labs (CVE-2020-24412,
    CVE-2020-24413, CVE-2020-24414, CVE-2020-24415)




=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



